Microsoft Word - iOSAppReverseEngineering.docx

(lldb) ni

Process 184500 stopped

* thread #1: tid = 0x2d0b4, 0x002a0920

MicroMessenger`___lldb_unnamed_function11980$$MicroMessenger + 212, queue =

'com.apple.main-thread, stop reason = instruction step over

frame #0: 0x002a0920 MicroMessenger`___lldb_unnamed_function11980$$MicroMessenger +

212

MicroMessenger`___lldb_unnamed_function11980$$MicroMessenger + 212:

• 
  

  
  

  0x2a0920: mov r11, r0
  0x2a0922: movw r0, #32442
  0x2a0926: movt r0, #436
  0x2a092a: add r0, pc
  (lldb) po [[[[$r0 contentObj] mediaList] objectAtIndex:0] pathForData]
  /var/mobile/Containers/Data/Application/E9BE84D8- 9982 - 4814 - 9289 -
  823D5FD91144/Library/WechatPrivate/c5f5eb23e53bb2ee021b0e89b5c4bc9a/wc/media/5/60/2a16b0
  b62baf39924448a74fa03ff2
  (lldb) po [[[[$r0 contentObj] mediaList] objectAtIndex:0] pathForPreview]
  /var/mobile/Containers/Data/Application/E9BE84D8- 9982 - 4814 - 9289 -
  823D5FD91144/Library/WechatPrivate/c5f5eb23e53bb2ee021b0e89b5c4bc9a/wc/media/5/7f/cdc793
  9813d1a95feda4bed05f9b82
  (lldb) po [[[[$r0 contentObj] mediaList] objectAtIndex:0] pathForSightData]
  /var/mobile/Containers/Data/Application/E9BE84D8- 9982 - 4814 - 9289 -
  823 D5FD91144/Library/WechatPrivate/c5f5eb23e53bb2ee021b0e89b5c4bc9a/wc/media/5/60/2a16b0
  b62baf39924448a74fa03ff2.mp4
  (lldb) po [[[[$r0 contentObj] mediaList] objectAtIndex:0] dataUrl]
  type[1], url[http://vcloud1023.tc.qq.com/1023_0114929ce86949a8bfb6f7b46b6b39b8.f0.mp4]
  (lldb) po [[[[$r0 contentObj] mediaList] objectAtIndex:0] lowBandUrl]
  nil
  (lldb) po [[[[$r0 contentObj] mediaList] objectAtIndex:0] previewUrls]
  <__NSArrayM 0x8725950>(
  type[1],
  url[http://mmsns.qpic.cn/mmsns/WiaWbRORjpHsUXcNL3dNsVLDibRZ9oufPnXeJqZdlG4xhND43M87sh7DR
  cxttVPxAO/0]
  )

  
  

  
  

From the file names, I am pretty sure that they are the Sight information we’ve been

looking for. Whatever it is ssh or iFunBox that opens the local files; whether it be MobileSafari

or Chrome that opens the URL, you can come to these conclusions:

-^ The value of pathForData is the local path of the Sight without suffix.^
-^ The value of pathForPreview is the path of the Sight’s preview image without suffix.
-^ The value of pathForSightData is the local path of the Sight with suffix.^
-^ The value of dataUrl is the Internet URL of the Sight.^
-^ The value of lowBandUrl is nil, but I guess this value is not nil when the network condition is not

good. In order to save bandwidth, file from this URL may be smaller than file from dataURL on size.

-^ The value of previewUrls is the Internet URL of the Sight’s preview images.

The prototyping of tweak is finished for now. Let’s comb our thoughts before coding.